0Pricing
Cryptology Academy · Lesson

SRP: Secure Remote Password Protocol

Understand how SRP lets client and server mutually authenticate without the server storing passwords.

SRP Overview and History

The Secure Remote Password (SRP) protocol was developed by Tom Wu at Stanford and published as RFC 2945 in 2000, with an improved version SRP-6a defined later. SRP enables mutual authentication based on a shared password without ever transmitting the password itself, even in encrypted form.

Server Stores a Verifier, Not a Password

During SRP registration, the client computes a password verifier v = g^x mod N, where x = H(salt || password) and N is a large safe prime. The server stores only the salt and verifier v. Even if the server's database is compromised, the stored verifier does not directly reveal the password.

All lessons in this course

  1. The Fundamental Password Authentication Problem
  2. SRP: Secure Remote Password Protocol
  3. PAKE Protocols and Their Properties
  4. Passwordless Auth: WebAuthn and FIDO2
← Back to Cryptology Academy